Executive Summary
Summary | |
---|---|
Title | Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-026 to MS08-029 |
Informations | |||
---|---|---|---|
Name | HPSBST02336 SSRT080071 | First vendor Publication | 2008-05-19 |
Vendor | HP | Last vendor Modification | 2008-05-19 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin. |
Original Source
Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01460710 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5578 | |||
Oval ID: | oval:org.mitre.oval:def:5578 | ||
Title: | Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability | ||
Description: | Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-6026 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Jet 4.0 Database Engine |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 |
SAINT Exploits
Description | Link |
---|---|
Microsoft Jet Engine MDB file ColumnName buffer overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-03 | Name : Windows Vulnerability in Microsoft Jet Database Engine File : nvt/win_CVE-2007-6026.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
44880 | Microsoft Windows msjet40.dll MDB File Handling Overflow A remote overflow exists in Microsoft Jet (msjet40.dll). The DLL fails to bounds check user-supplied data resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-05-15 | IAVM : 2008-A-0030 - Microsoft Jet Database Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0016013 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office Access MSISAM file magic detected RuleID : 23718 - Revision : 7 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Office Access TJDB file magic detected RuleID : 23717 - Revision : 7 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Office Access JSDB file magic detected RuleID : 23716 - Revision : 7 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Office Access file magic detected RuleID : 23715 - Revision : 8 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Office Access MSISAM file magic detected RuleID : 13633 - Revision : 18 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Office Access TJDB file magic detected RuleID : 13630 - Revision : 18 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Office Access JSDB file magic detected RuleID : 13629 - Revision : 18 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Office Access file magic detected RuleID : 13626 - Revision : 22 - Type : FILE-IDENTIFY |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-05-13 | Name : Arbitrary code can be executed on the remote host through the database engine. File : smb_nt_ms08-028.nasl - Type : ACT_GATHER_INFO |